Privileged Users Top List of Insider Threat Concerns: Survey

A few weeks ago, Morgan Stanley fired an employee for accessing client information and publicly posting some of it on the Internet.

The incident served as a reminder that sometimes the one who will do you harm doesn't have to break in - he or she is already seated at your table.

A new survey from research company Ovum and data security firm Vormetric shows that many businesses are learning their lesson about underestimating insider threats. According to Vormetric's 2015 Insider Threat Report, 93 percent of the organizations surveyed that are based in the U.S. felt they were vulnerable to insider threats. Globally, that figure stood at 89 percent.

"Controlling and monitoring access to the data need to be first regardless of the employee circumstance," explained Vormetric CSO Sol Cates in an email. "If organizations first take the approach to obfuscate sensitive data, and to then limit access to that data to those who require it, the attack surface available to employees…is cut to a minimum. Only those who actually need to see the data represent a risk."

According to the survey, which fielded responses from more than 800 organizations worldwide, 59 percent of U.S. respondents felt privileged users posed a threat to their organization. Forty-six percent named contractors and service providers, while 43 percent said business partners.

According to Cates, inertia and preconceptions are the biggest reasons the amount of super users in many organization seems to be running amok.

"Inertia - this is how IT has almost always operated in the past," he said. "For Linux and Unix systems especially, these roles, and their access capabilities, were part of the basic assumptions that went into the design of the operating system. At the time that Unix was created...there were only a few academic institutions on the internet, PCs were only a glimmer in someone’s eye, firewalls didn’t exist, and computer viruses were all but non-existent. It was a different world. Linux - as a direct successor to Unix - inherited the defect."

"Compounding the problem, many IT organizations even share the credential sets for these roles," he continued. "This makes it easy to manage the systems and the management accounts, but near- to-impossible to find out who is doing what. The results of this design flaw have gradually become more and more critical with time. We believe that this is the reason why this year privileged users were rated the most dangerous users in the report at 55 percent (globally). Their direct access, as well as what can happen if their credentials are compromised, are both key drivers for this."

Forty-six percent of respondents believe cloud environments are at the greatest risk for loss of sensitive data in their organization. However, 49 percent stated that databases have the greatest amount of sensitive data at risk.

"Along with the ubiquitous use of databases and servers, cloud and more recently big data take-up levels now force a stronger protection case to be made," the report notes. "Growing data volumes, when put alongside worries about a lack of control over third-party access; the use of third-party admins; and data locational issues when foreign intervention and legal sovereignty come into play, make the case for improving cloud-services data protection. Also, as more data needs to transition between on-premise systems and cloud and big data environments, organizations need to make use of more inclusive data protection facilities to control and protect their data as it moves between corporate systems."

"Vormetric’s 2015 Insider Threat report indicates nearly all of U.S. organizations polled perceive a security vacuum and feel quite threatened," said Andrew Kellett, lead analyst for Ovum and one of the architects behind the report, in a statement. "As much as we may have hoped to believe it, the Edward Snowden affair was not our data security pinnacle. According to the report, almost half of the U.S. organizations polled experienced a data breach or failed a compliance audit in the past year – which tells us the situation has probably gotten more complicated."